Socusoft's Photo 2 Video Converter v8.0.0 (Free and Professional variants) contains a local buffer overflow condition in the pdmlog.dll library. Exploitation can overwrite registers to control program execution flow, allowing arbitrary shellcode to run and leading to complete system compromise.
The vulnerability allows an attacker to include files from the local file system by manipulating the 'language' parameter in the activateuser.php script. By specifying a relative path to the '/etc/passwd' file, an attacker can read sensitive information such as usernames and hashed passwords.
This is an HTML exploit that allows for arbitrary code execution. It takes advantage of a vulnerability in the way HTML is parsed and rendered by browsers. By serving specially crafted HTML, an attacker can inject and execute malicious code on a victim's machine.
The php_win32sti.dll extension in PHP version <= 5.2.0 for win32 allows a local buffer overflow, which can be exploited to control the EDX and EIP registers and potentially dictate program flow.
The FLIR FC-S/PT series suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.
Easy DVD Creator version 2.5.11 is vulnerable to a buffer overflow. This can be exploited on Windows 10 64-bit systems using an SEH overwrite technique. The vulnerability occurs when processing user input for the 'Enter User Name' field during registration. By providing a specially crafted input, an attacker can overflow the buffer and gain control of the SEH (Structured Exception Handler), allowing the execution of arbitrary code.
The exploit allows an attacker to execute unauthorized SQL queries in the Joomla com_gmaps 1.00 component. By injecting malicious code in the mapId parameter, the attacker can retrieve sensitive information such as usernames and passwords from the jos_users table.
There are two vulnerabilities in wolioCMS: SQL Injection and Bypass Administrator Login. The SQL Injection vulnerability can be exploited if 'magic_quotes_gpc' is set to 'off'. The Bypass Administrator Login vulnerability allows an attacker to bypass the administrator login page and gain unauthorized access. The vulnerabilities have been found by k1tk4t and reported to the vendor. Exploits for both vulnerabilities are provided in the text.
This module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM. The vulnerability lies in a specific IOCTL handler in the rzpnk.sys driver that passes a PID specified by the user to ZwOpenProcess. This can be issued by an application to open a handle to an arbitrary process with the necessary privileges to allocate, read and write memory in the specified process. This exploit leverages this vulnerability to open a handle to the winlogon process (which runs as NT_AUTHORITY\SYSTEM) and infect it by installing a hook to execute attacker controlled shellcode. This hook is then triggered on demand by calling user32!LockWorkStation(), resulting in the attacker's payload being executed with the privileges of the infected winlogon process. In order for the issued IOCTL to work, the RazerIngameEngine.exe process must not be running. This exploit will check if it is, and attempt to kill it as necessary. The vulnerable software can be found here: https://www.razerzone.com/synapse/. No Razer hardware needs to be connected in order to leverage this vulnerability.